Project Executive Summary
IOC in scope — Stage 1 and 2 


Formation of alliance 

Development of best practices and CSP/MCE registries 

Billing mechanism consistent with SAP and government requirements 

Pilot projects to validate approaches to architecture 

Single Agency-wide procurement for AWS (as reference IaaS for framework development)
Launch 2-3 Managed Cloud Environments 


Enterprise cloud environment with Basic security and billing functionality 

Security functionality includes basic capabilities for patching, scanning, continuous monitoring, 
incident response, auditing, ICAM 

Billing functionality includes basic capabilities for funding pools, spending rules and controls, 
consumption tracking, invoicing, and payment 


Enhanced capabilities in security and billing functionality 

Security functionality includes enhanced Stage 2 capabilities 

Billing functionality includes enhanced Stage 2 capabilities plus real-time consumption tracking 
with notifications 


Uniform interface to all Services 

A robust suite of fiscal and security controls 

Comprehensive dashboard for monitoring performance, resource consumption, incidents 
Automated and cross-cloud provisioning 

Broad selection of CSPs to address a range of requirements
Baseline Governance
• CSSO Charter
• CSSB Charter and Mechanisms

NCAA Framework
• CSP Security Assessment Review Process
• NCAA Workflow Suite (7+ workflows)
• CSP/CIR Repositories

Service Portfolio Framework
Process Portfolio Framework

Provisional ATO for AWS (as reference IaaS for framework development)

CSP Services Acquisition (Procurement)
Service Ordering
Spending Controls and Thresholds (Alerts)
Customer Chargeback Reporting
• Tagging Mechanism to Allocate Costs
Reseller Invoice Processing
Service Incident Mgmt
Security Incident Mgmt
Customer Mgmt/Outreach
• CSSO Website
• Communications Package
• Community of Interest /

Document Management
NASA Services Integration
• IPAM, ICAM, DNS, NCAD, SOC, ITSec-EDW

Architecture Development
• Portfolio of Asset Templates (VPC, Hardened OS Images, IAM Policies)
• Connectivity (VPN, Direct Connect, TIC Compliance)

Service Assets
• Configuration and Change Management
• Service Asset Refresh
• Event Management (Monitoring)

Continuity Plan

Stakeholder Communities

Customers, Partners, Suppliers, Governance
Communications/Outreach Planning

| Overview of CSSO | Cloud best practices for general audience, Frameworks, architectures, recommendation for additional reading | Portal, slide deck, documents, FAQ | Management, general audience, Centers, OCIO Service Offices, Projects, Functions | As needed | Completed/Ongoing |
| NCAA Framework — Cloud Compliance | Securing the Cloud; FedRAMP alignment and compliance; Government Cloud Security Approaches | Slide Decks, Portal, Guides, Tutorials, Workflows | CISOs in A&A context, AAOs, MCE Operators, MCE Customers | Ongoing for life of project. | In Process/Ongoing |
| Overview of CSSO for Vendors/CSPs | How NASA augments cloud services for enterprise class use | Documents, Email, Meetings, RFIs | Cloud Service Providers, Vendors | As Appropriate | In Process/Ongoing |
| MCE onboarding | On-boarding process; MCE Action item tracker; Risk/Issue review | Portal, Online Meetings, Telecons | Customers in CSSO pipeline, CSSO MCEs, Center MCEs | Weekly | Ongoing |
| Agency Outreach | Services provided; Value proposition; Agency Cloud strategy | Portal, Cloud community of interest, Email | CIO, MCE Operators, COI, All service offices, center cloud POCs, interested parties | Monthly Outreach; as required | Ongoing |
| Project Reviews | Results of the CSSO project reviews will be distributed for review | ORR Gate Review, Email, CSSO Weekly Meetings | CIO, MCE Operators, COI, All service offices, center POCs and any other interested parties | Once | Complete after ORR is passed |


• Enterprise Approach
• Value
• Services vs. System
• Services for MCEs
• Organization
• Architecture
• Framework
• High Priority Workflows
• Technical Integrations
• Maturity Stages and Key Milestones


SERVICES OVERVIEW
Significant Array of Requirements

Case for an Enterprise Approach

If each NASA community or project addresses the wide array of Requirements for Cloud Computing:

• Projects may interpret and fulfill requirements differently
• Unknown security posture and risks
• Inconsistencies in policies, processes, and implementations
• Highly inefficient approach that results in large Agency spend
• Chaos

Strategy: Do the “heavy lifting” once for the Agency and enable projects to leverage the capabilities we’ve created.
An Enterprise Approach

Key Elements of an Enterprise Approach

• Standardized Agency governance
• Standards and guidance for technical integration with Agency infrastructure, processes, and services
  • Networking
  • Security operations
  • Authentication services
• Integrated hierarchical approach to FedRAMP compliance
• Common procurement vehicles with proper terms, conditions, best practices
• Payment system to facilitate “pay as you go” within Agency constraints
• Integration with Agency IT service catalog and help desk

faster adoption, greater consistency, managed risks, and lower Agency costs
Value Proposition

• Comply with Federal mandates and guidelines
• Address increasing demand from mission areas for cloud services
• Reduce capital expenditures and operating costs
• Provide a uniform Agency solution that is secure and can be leveraged to achieve economies of scale


SLUR al stot 
Imperative 


We provide a framework for secure and simplified access to 
cloud services so that Agency programs can efficiently use 
managed cloud environments. 


Mission 
Statement 


Simplify and accelerate the implementation of secure managed cloud 
environments to enable more mission accomplished per dollar and per 
hour. 


Vision 
Statement 
Key Operating Principles

Guideposts for How We Operate

Our role is to be an effective enabler and reliable partner to projects and communities that build and operate managed cloud environments.

• We provide a solution that is flexible and accommodates a wide array of needs
• We design and implement solutions through collaboration with customers, partners, and suppliers
• We strive to be as “thin” or “lean” as possible by building on Agency processes, people, and resources
• We leverage knowledge from past efforts and incorporate the best ideas into our services, architecture, and development path


6/9/16 [EMCC] Project ORR 


Services vs. Systems

Distinguishing Characteristics: A Services Perspective vs. A Systems Perspective

Definition
• Services: Service: A means of delivering value to customers by facilitating outcomes customers want to achieve without the ownership of specific costs and risks. [ITIL]
• Systems: System: A collection of components organized to accomplish a specific function or set of functions. [IEEE]

Value Proposition
• Services: Customer is purchasing results
• Systems: Customer is purchasing tools

Pricing
• Services: Consumption-based
• Systems: Product-based

Provider Commitments
• Services: Service levels delivered at end point
• Systems: Capabilities of components

Ownership of Assets
• Services: Customer does not own or maintain the underlying infrastructure (system of systems, service assets, subordinate services)
• Systems: Customer provides required underlying infrastructure and owns product via licensing agreement
Services for MCEs

CSSO Initial Services

[Diagram labels: Community Managed Cloud Environments (MCEs); General Purpose IaaS, PaaS; Individuals; Projects; Project MCEs; Project A; Project B; CSSO Cloud Services Framework: Security, Authentication, Spend Controls, Payments]

Access to the Cloud Services Framework is provided to MC Service Providers through a set of Services.

The EMCC Initial Operating Capability project delivers the Cloud Services Framework (blue layer), which is independent of integration with any particular cloud provider or MCE operator.

MCE Startup — Establishes a Managed Cloud Environment that is integrated with Agency IT and business services.

Cloud Services Access — Provides administrative accounts, permissions, processes, and tools that enable the consumption of cloud services within an existing MCE.

Cloud Consulting — Provides business and technical support to address issues/challenges in developing and operating an MCE.
Services Design

Services Offered to Managed Cloud Service Providers

1. Managed Cloud Environment (MCE) Startup

Description: Establishes an IaaS Managed Cloud Environment that is integrated with Agency IT and business services.

Value Proposition:
• Integration with NASA billing system
• Access to Agency approved Amazon services via acquisition vehicle and pre-negotiated SLA
• Streamlined IT security compliance
• Proven, tested technical integration architecture and skills
• Enterprise managed cloud solution

Features/Options:
• Cloud Type: Gov Cloud (if available), Pub Cloud
• IaaS: Compute, Storage, VPC, IAM

Information Required:
• Service concept describing the scope of the subscriber community and service offerings
• MCE Account Setup Information (see information required in MCE Account Recharge)

2. Cloud Services Consumption

Description: Provides accounts, permissions, and tools that enable the consumption of AWS cloud services within an existing MCE.

Value Proposition:
• Reduced time to begin using IaaS cloud computing services
• Tracking of funds usage is integrated with Agency billing system
• Monitoring and support to assure secure and effective use of services

Features/Options:
• Same as above

Information Required:
• MCE
• Services Needed
• Dollar amount
• Funding code (WBS)
• Thresholds, alerts, POCs
• Originator
• Funding Manager
• Authorized Spenders

3. Cloud Services Consulting

Description: Provides business and technical support to address issues/challenges in developing and operating an MCE.

Value Proposition:
• Immediate access to a broad range of cloud computing skills and expertise
• Agency-wide perspective of cloud computing efforts

Features/Options:
• Consultant Type: Cloud Architect, Process Architect, IT Security and Compliance Consultant
• Support Type: Ongoing (duration), Project (task/schedule based)

Information Required:
• Statement of Work describing the current situation and problems to be addressed
MCE Service Provider Profile

MCE Service Providers provide value to Agency communities and projects by offering targeted cloud-based services.

Description of Key Responsibilities

• Defines a unique value proposition to serve the needs of Agency communities and projects
• Designs and launches cloud-based services (IaaS, PaaS, SaaS) targeted to customer needs
• Designs, deploys, and operates a Managed Cloud Environment (Service infrastructure), including integration points with CSSO Cloud Framework
• Develops security plan and operates environment in compliance with Agency policies/processes
• Receives service requests and provisions service instances
• Monitors service instances and service assets, and responds to service incidents
• Implements a payment model that accepts funds to pay for services (e.g., resource consumption)
Organization

• Service Executive: Karen Petraska
• Service Manager: Ray O’Brien
• Governance Team:
  • Foundational Governance Framework
  • NASA Cloud A&A Framework (NCAA)
• Service Delivery Team:
  • Primary interface to Customers
  • Responsible for lifecycle management and delivery of Services
• Business Team:
  • Primary interface to Agency Business functions and Business Service Suppliers
  • Responsible for “back office” Business functions (billing, payment, procurement, reporting)
• Technical Team:
  • Primary interface to Agency technical functions, Technical Service Suppliers, and Technology Providers
  • Responsible for operation of the Service infrastructure

[Organization chart labels: MC Service Providers; Service Office; Governance; Operations; Service Delivery Team; Business Team; Technical Team]

Our organization structure is aligned with the CSSO Framework structure.
Tiered Services Architecture

[Diagram labels: Community Managed Cloud Environments (MCEs); General; Project MCEs; CSSO Cloud Services Framework: Security, Authentication, Spend Controls, Payments]

We are a Services Integrator that enables Managed Cloud Service Providers (MC SPs) to provide Cloud Computing Services to Consumers by leveraging our Cloud Services Framework.

The EMCC Initial Operating Capability project delivers the Cloud Services Framework (blue layer), which is independent of integration with any particular cloud provider or MCE operator.


Framework — Contextual View

[Diagram labels: 1. CSSO Cloud Services Framework; 1.1 Service Management; 1.3 Service Asset Management; 2. Demand Side Integration; Managed Cloud Service Providers; 3. Business Integration; Procurement; 4. Technical Integration; Networking; ICAM; 5. Supply Side Integration; 6. CSSO Services Governance; 6.3 Risk Management; 6.4 Resource Mgmt; Federal; Agency Governance]

The Cloud Services Framework consists of capabilities and resources (e.g., people, processes, information, technology, other services) that are integrated to provide Services to MC Service Providers.
Functional Area

1.1 Service Management
Description: Focuses on the lifecycle management and control of Services and Service Instances.
Workflows:
• Service Opportunity Qualification
• New Service Launch
• New Service Instance Activation
• Spend Monitoring

1.2 Administration
Description: Focuses on back-office business functions that support the delivery of Services and management of Service Assets.
Workflows:
• Subscriber Registration Maintenance
• Account Statement Preparation

1.3 Service Asset Management
Description: Focuses on the operation of a secure, reliable, and efficient Service Infrastructure.
Workflows:
• Service Asset Monitoring
• Capacity Plan Development
• Service Incident Management
• Security Incident Management
• Problem Management
• Release Management
• Change Management

6.0 Governance
Description: Focuses on setting and enabling strategy, and performing oversight of operations.
Workflows:
• CSP Triage & On-Boarding (CSSO & Center)
• CSP Security Assessment Review Process (FedRAMP & Non-FedRAMP)
• MCE On-Boarding
• MCE Customer On-Boarding
• Continuous Monitoring (CSP & MCE)
• Incident Response (CSP)

The above workflows are essential to establishing an Initial Operating Capability.
Enterprise Approach: New Boundar


Cloud Service Provider


Define a planned approach for this integration and pay the cost of designing and implementing it ONCE, not once for every user
IaaS Example: AWS Integration

Amazon Cloud Integrated with NASA IT

NASA/AWS IaaS Environment

NASA IT
• ICAM: NCAD, Launchpad, NAMS, PIV
• NASA WAN: IPAM/DNS, NOC, ISP
• SOC: SIEM, Log Analysis (OS, Firewall, OS Vulnerability)
• IT Security: Vulnerability Scanning, Incident Response, Patch Management, Firewall Rules, Forensics
• CIO Visibility: Resource Ownership, Resource Utilization

Technical Integration Overview

Networking (CSO Services)
Maturity Stages and Key Milestones

Startup and Development

✓ Pilot Acquisition Vehicle (SEWP)
✓ Pilot Integration Project (AWS as reference IaaS for framework development)
✓ A&A Framework for Cloud
✓ PATOs for AWS
✓ Agency MCE ATO
✓ Agency-Wide AWS Procurement
✓ CSSO Framework for IaaS
✓ General Purpose MCE
✓ AWS Game Day
✓ 60+ Customers in Pipeline
✓ Web Services Office MCE
✓ Agency-Wide MACS MCE Pilot
✓ Additional AWS Services
Cost Analysis and Billing Solution
Tools to Improve Continuous Monitoring
Light-Weight Cloud Management Platform
Auto provisioning & Infrastructure scaling
Policies and processes for onboarding of SaaS
Agency-wide SaaS MCE Framework
Extend reach of cloud to science/IT services


Questions


